Security/Cleanup advice for compromised remote PC

Discussion in 'Software' started by r3k0hu, Aug 29, 2013.

  1. r3k0hu

    r3k0hu Private E-2

    Hi there,

    I'm not sure if I'm posting this in the most appropriate place, let me know if that's the case.

    I'm basically looking for some advice and hope a few of you might be able to shed some light or offer advice - or even recommend a more appropriate forum/website.

    I have a friend who has a Windows 7 machine which could potentially have a multitude of problems - which relate to an ex-boyfriend who is harassing her and threatening to disclose large amounts of private data to her friends and family. I'm yet to have a look at it but the main areas of concern are the following:

    a) Potential key logger
    b) Potentially has access to all online accounts Facebook, email etc (passwords were changed but that didn't help)
    c) Potential remote access / back door
    d) Potential access to mobile phone

    He has been able to produce personal emails, threatening to send copies to all family and friends - one person has confirmed this is true and been sent copies.

    He has turned up at her house saying he knew who was inside and what was being talked about - again she has confirmed what he repeated was actually correct.

    He has also managed to read or gain access to text messages from her phone.

    I'm waiting to hear back through a third party verbally (not getting her to contact me in any digital way) in regards to a list of questions I have about hardware, software, setup, phone type etc and specific examples of timings and what exactly has been happening. It all sounds quite complex and the kicker is the following:

    a) She lives in a different country
    b) I have no physical access to the machine at all

    Both of these make it impossible to just blow the machine away and rebuild. Also it would be good to find any evidence at all to connect the dots.

    Once I have an idea of what software and hardware I'm dealing with, I'll get her to do a sight check for physical key loggers and any other anomalies. This is where I'm stuck - I'd like to monitor the machine for file changes, logs etc and maybe a sniffer to see what's happening on there over a time period for potential FTP, IRC connections or anything odd before I jump in and try to pinpoint rogue files/services. Install firewall, AV etc, all of which I'll need to do remotely.

    So I'm just trying to prepare before she gets back to me and make sure I've got a plan in place.

    Does anyone have any ideas, experience or even recommendations on best practices for this type of scenario?

    *NOTE - the police have been informed; they advised they can only assist if he turns up at the house again. They can't take any action on everything else he's been doing at this stage.
     
  2. Maxwell

    Maxwell Folgers

    A plan of action for the Windows 7 PC would be to visit the Malware forum at http://forums.majorgeeks.com/forumdisplay.php?f=35 and to follow the advice at http://forums.majorgeeks.com/showpost.php?p=664939&postcount=2 and then http://forums.majorgeeks.com/showthread.php?t=44525

    This would secure the PC.

    However, you would also need to secure the network connection, mobile phone and other personal hardware/devices. Possibly the simplest way to do this is to purchase new items but this may not be within the budget.

    If this is not possible, then network security information can be found at: http://www.microsoft.com/en-gb/secur...-wireless.aspx
    and http://www.microsoft.com/en-gb/security/default.aspx

    Mobile phone or device security questions can be posted here: http://forums.majorgeeks.com/forumdisplay.php?f=67 and you may need further specialist advice to secure the mobile devices.

    Then there are the accounts to social networks that need securing and passwords changed, e.g., Facebook: http://www.majorgeeks.com/files/details/a_guide_to_facebook_security.html

    Do you know which country the events take place in? For example, in the UK advice can be found at: http://www.actionfraud.police.uk/fraud_protection/identity_fraud

    You may also need to secure credit/debit cards and other personal items (e.g., passport, paperwork, etc.), as well as house security.
     
  3. r3k0hu

    r3k0hu Private E-2

    Hi Maxwell - thanks for taking the time to reply - those links and resources are great. I'll start having a read through them now.

    I know she's had her locks changed already and I'm pretty sure replacing hardware will be out of her budget. At a guess he's already got his hands on all her personal emails that he wants, I guess she just wants to make sure he doesn't keep snooping/spying which can be pretty unnerving - she also has two small kids which makes the whole thing even more inappropriate.

    I'll do a bit of digging and lock everything down as best I can. I just need to figure out how after already resetting all her passwords he may still have access - either through keylogger, backdoor, or possibly even just has his email account as a secondary account for her online credentials.. won't know until I jump on and have a look. She's not really the sort of person you can talk through a list of computer tasks..

    IT skills are limited to webmail, Facebook and possibly Candycrush or whatever it is that people play these days :)

    Thanks again for your help and I'll report back on progress once the ball is rolling.

    She's in New Zealand so 12 hours behind me so it'll be a slow back and forth process. I think the laws must be a little bit more relaxed about harassment etc over there as the police can't act just yet :confused
     
  4. Maxwell

    Maxwell Folgers

